PSA: My home router went from zero blocked attempts to over 200 a day after I set up a honeypot

I run a small home server and about three months ago, I set up a basic honeypot on a spare Raspberry Pi to see what kind of traffic was hitting my network. For the first week, it was quiet, maybe one or two weird connection tries. Then, after about ten days, it exploded. My firewall logs now show over 200 blocked attempts daily, mostly trying to SSH into the honeypot with common usernames like 'admin' and 'root'. The cause seems clear: once the botnets found that open, fake port, they added my IP to their lists and keep hammering it. It's a stark before-and-after that shows how quickly you become a target once you're visible. I'm debating if the learning was worth painting a target on my home network. Has anyone else run a honeypot and seen this kind of immediate attention spike?

2 comments

2 Comments

jamieburns8d ago

What did you expect would happen? You put out a welcome mat for bots, so of course they showed up. That's the whole point of a honeypot, to see the attack traffic.

wyatt5138d ago

Wait, hold up. That's not exactly what a honeypot is for though. It's not just about seeing bots show up, it's about studying how they act once they're inside. You watch what they try to do, what they're looking for. That's how you learn to stop them for real.